when hardware attacks ale - ihp-microelectronics.com€¦ · • security test tools • security...
TRANSCRIPT
When Hardware Attacks
scaleMarc Witteman
Belas summer school 2019
Who is Riscure?
• Security lab in
the Netherlands, USA, China
• 100+ experts @ work
• We serve over 100 clients worldwide
• Security test tools
• Security test services
• We test devices that must be
secure in a hostile environment
• We help our customers to
improve security of their products
Attack exploitation space: time vs distance
3
protocolsoftware
Local
Fast Slow
Remote
key brute
force
side
channel
fault
injection
physical
relay
attack
Hardware attacks require:
• hardware vulnerabilities, or
• hardware changes to target
mitm
Hardware attacks
𝑝 = 𝑛 ∗ 𝑣 − 𝑐𝑣 − 𝑐𝑓p = profit
n = replications
v = value
cv = variable costs
cf = fixed costs
Attacker business case
4
1. Smart card Man-in-the-Middle
Hardware attack to bypass PIN verification of stolen payment cards
2. Retail hack
Network penetration attack to retrieve cardholder credentials
3. Card sharing
Relay attack to avoid paying TV subscription fees
Let’s analyze some known attacks
5
Smart card Man-in-the-Middle (1)
6Source: https://www.cl.cam.ac.uk/research/security/banking/nopin/
Chipcard Man-in-the-Middle (1)
7Source: https://www.cl.cam.ac.uk/research/security/banking/nopin/
EMV Man-in-the-Middle (2)
8
Retail hack
9
Retail hack
10
Retail hack
11
Retail hack
12
Retail hack
13
• Pay-TV decoders use smart cards
to control video access
• Subscription is in smart card
Card sharing (1)
14
Satellite data stream includes:
• Code words
• Encrypted
video stream
How does satellite TV work?
15
Smart card
Decrypt
Subscription key
Video key
SoC
DecryptVideo stream
• Pay-TV decoders use smart cards
to control video access
• Subscription is in smart card
• Distribution of video keys avoids
need for individual subscriptions
Card sharing (2)
16
Attack Fixed
Cost
Variable
Cost
Value Replications Profit
SC MitM € 30K € 100 € 500 100 € 10 K
Retail hack € 20K € 1 € 25 10K € 220 K
Card sharing € 10K € 10 € 100 1M € 90 M
Example attack business cases
17
Replications are key, but how is that bounded?
• Application size (e.g. #potential victims)
• Detection & mitigation
• Replication effort
To determine scalability, we need to quantify the replication effort
Attack phases and cost
Identification Exploitation
What it is finding a vulnerability replicate on target
Frequency once repeated
Speed How fast can we do this?
Skill Required knowledge / experience
Equipment Type of equipment
Location Where is the attacker?
What parameters determine the attack cost?
Fixed cost Variable cost
Attack parameters
Identification Exploitation
Vulnerability Hardware Software Hardware Software
Speed slow slow slow fast
Skill expert expert proficient layman
Equipment specialized standard specialized none
Location local near local remote
Scalable attackScalable attacks need software exploitation!,
but can build on hardware identification
What are typical attack parameters?
Defenders methodAttackers method
How to find software vulnerabilities?
20
White-BoxBlack-Box
Source Code
Review
Binary
AnalysisFuzzing
Model Based
Testing
Effectiveness
Most vulnerabilities are found white-box style!
Problem: Moore’s Law keeps pushing the limits
10.000
100.000
1.000.000
10.000.000
100.000.000
2005SmartCard
2010SmartMeter
2015SmartPhone
2020SmartCar
Software Lines of Code
Software vulnerabilities found
Source: NIST
Binary analysis
Disassemble
Flow analysis
Manual code review
Software packages typically have
0.1 up to 10 vulnerabilities per KLoC
All products have software vulnerabilities
Manual source code review performs at 100 LoC/hr
Finding a vulnerability in source code may take just one day
27
Static code analysis
Confidential
• Given the widespread presence of vulnerabilities there is an
increasing desire to mitigate risk
• Finding software vulnerabilities gets more difficult without
access to source/binary code
• Access to device software is increasingly restricted:
• PC software used to be accessible (e.g. exe files)
• Smart phone software is only visible for root
• Set-Top-Box software is hidden, and encrypted in transit
• How to attack a product protected with software encryption?
Software vulnerability hiding
inte
rna
l
29
Attacking encrypted software
Hardware attack offers two-step alternative:
1. Break software confidentiality
2. White-box binary analysis exposes logical vulnerability 30
Binary analysis
exposes logical
vulnerability
Exploitation
yields runtime
control
Start
Black-Box penetration testing
exposes logical vulnerability
Start Exploitation
yields runtime
control
Hardware attack
breaks software
confidentiality
Start Binary analysis
exposes logical
vulnerability
Exploitation
yields runtime
control
Encrypted software hides binary code
Black-Box penetration testing very inefficient
What is Secure Boot?
Internal boot ROM
1st stage boot
loader Nth stage boot
loader
Verify signature& decrypt
ApplicationVerify signature& decrypt
Verify signature& decrypt
An attacker who breaks secure boot can:
• Extract secrets
• Load & run arbitrary software
Source: http://www.fredericb.info/2016/10/amlogic-s905-soc-bypassing-not-so.html
Design flaw in
Pay-TV SoC
Secure boot chain broken by backdoor
Attacker used hardware weakness to dump
Boot Loader image
Re
stric
ted
33
Boot Loader header analysisstruct aml_img_header { // 64 bytes
unsigned char magic[4];// "@AML"
uint32_t total_len;
uint8_t header_len;
uint8_t unk_x9;
uint8_t unk_xA;
uint8_t unk_xB;
uint32_t unk_xC;
uint32_t sig_type;
uint32_t sig_offset;
uint32_t sig_size;
uint32_t data_offset;
uint32_t unk_x20;
uint32_t cert_offset;
uint32_t cert_size;
uint32_t data_len;
uint32_t unk_x30;
uint32_t code_offset;
uint32_t code_len;
uint32_t unk_x3C;
} aml_img_header_t;34
sig_type provides backdoor
that bypasses verification
Select
Certificate
Go
Get key
Public key
Code
Hash
Signature
Verified Sig
Verify
Hashed code
Compare
Stop
Conclusions
Scalable attacks need software exploitation
o Hardware attacks are laborious
o Software vulnerabilities are ubiquitous
o Software exploits are easy to replicate
Software encryption is inevitable for security
o Binary analysis very successful in identifying vulnerabilities
o Increasing number of products use encrypted software
Hardware attacks are scalable when
o Software is encrypted
o Shallow bugs (detectable black-box style) are absent
o Used in the identification step to extract software
o Deep software vulnerabilities are present
35
Riscure North America
550 Kearny St.
Suite 330
San Francisco, CA 94108
+1 (650) 646 9979
Riscure B.V.
Frontier Building, Delftechpark 49
2628 XJ Delft
The Netherlands
Phone: +31 15 251 40 90
www.riscure.com
Contact:
Riscure China
No. 989, Changle Road
Room 2030-31
Shanghai 200031
+86 21 5117 5435
Marc Witteman
Riscure is hiring, visit https://www.riscure.com/careers/